diff --git a/rabbitmq/.helmignore b/rabbitmq/.helmignore new file mode 100644 index 000000000..3ca0aad82 --- /dev/null +++ b/rabbitmq/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj + + diff --git a/rabbitmq/Chart.yaml b/rabbitmq/Chart.yaml new file mode 100644 index 000000000..3aae874af --- /dev/null +++ b/rabbitmq/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: OpenStack-Helm RabbitMQ +name: rabbitmq +version: 0.1.0 diff --git a/rabbitmq/requirements.yaml b/rabbitmq/requirements.yaml new file mode 100644 index 000000000..53782e69b --- /dev/null +++ b/rabbitmq/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/rabbitmq/templates/bin/_rabbitmq-liveness.sh.tpl b/rabbitmq/templates/bin/_rabbitmq-liveness.sh.tpl new file mode 100644 index 000000000..2f30aa437 --- /dev/null +++ b/rabbitmq/templates/bin/_rabbitmq-liveness.sh.tpl @@ -0,0 +1,21 @@ +#!/usr/bin/env bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -e + +exec rabbitmqctl status diff --git a/rabbitmq/templates/bin/_rabbitmq-readiness.sh.tpl b/rabbitmq/templates/bin/_rabbitmq-readiness.sh.tpl new file mode 100644 index 000000000..2f30aa437 --- /dev/null +++ b/rabbitmq/templates/bin/_rabbitmq-readiness.sh.tpl @@ -0,0 +1,21 @@ +#!/usr/bin/env bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -e + +exec rabbitmqctl status diff --git a/rabbitmq/templates/bin/_rabbitmq-start.sh.tpl b/rabbitmq/templates/bin/_rabbitmq-start.sh.tpl new file mode 100644 index 000000000..98394ddfd --- /dev/null +++ b/rabbitmq/templates/bin/_rabbitmq-start.sh.tpl @@ -0,0 +1,21 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +exec /docker-entrypoint.sh rabbitmq-server diff --git a/rabbitmq/templates/bin/_rabbitmq-test.sh.tpl b/rabbitmq/templates/bin/_rabbitmq-test.sh.tpl new file mode 100644 index 000000000..04b2f0c45 --- /dev/null +++ b/rabbitmq/templates/bin/_rabbitmq-test.sh.tpl @@ -0,0 +1,77 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -e + +# Extract connection details +RABBIT_HOSTNAME=`echo $RABBITMQ_ADMIN_CONNECTION | awk -F'[@]' '{print $2}' \ + | awk -F'[:/]' '{print $1}'` +RABBIT_PORT=`echo $RABBITMQ_ADMIN_CONNECTION | awk -F'[@]' '{print $2}' \ + | awk -F'[:/]' '{print $2}'` + +# Extract Admin User creadential +RABBITMQ_ADMIN_USERNAME=`echo $RABBITMQ_ADMIN_CONNECTION | awk -F'[@]' '{print $1}' \ + | awk -F'[//:]' '{print $4}'` +RABBITMQ_ADMIN_PASSWORD=`echo $RABBITMQ_ADMIN_CONNECTION | awk -F'[@]' '{print $1}' \ + | awk -F'[//:]' '{print $5}'` + +function rabbit_find_paritions () { + PARTITIONS=$(rabbitmqadmin \ + --host="${RABBIT_HOSTNAME}" \ + --port="${RABBIT_PORT}" \ + --username="${RABBITMQ_ADMIN_USERNAME}" \ + --password="${RABBITMQ_ADMIN_PASSWORD}" \ + list nodes -f raw_json | \ + python -c "import json,sys; +obj=json.load(sys.stdin); +for num, node in enumerate(obj): + print node['partitions'];") + + for PARTITION in ${PARTITIONS}; do + if [[ $PARTITION != '[]' ]]; then + echo "Cluster partition found" + exit 1 + fi + done + echo "No cluster partitions found" +} +# Check no nodes report cluster partitioning +rabbit_find_paritions + +function rabbit_check_users_match () { + # Check users match on all nodes + NODES=$(rabbitmqadmin \ + --host="${RABBIT_HOSTNAME}" \ + --port="${RABBIT_PORT}" \ + --username="${RABBITMQ_ADMIN_USERNAME}" \ + --password="${RABBITMQ_ADMIN_PASSWORD}" \ + list nodes -f bash) + USER_LIST=$(mktemp --directory) + for NODE in ${NODES}; do + rabbitmqadmin \ + --host=${NODE#*@} \ + --port="${RABBIT_PORT}" \ + --username="${RABBITMQ_ADMIN_USERNAME}" \ + --password="${RABBITMQ_ADMIN_PASSWORD}" \ + list users -f bash > ${USER_LIST}/${NODE#*@} + done + cd ${USER_LIST}; diff -q --from-file $(ls ${USER_LIST}) + echo "User lists match for all nodes" +} +# Check users match on all nodes +rabbit_check_users_match diff --git a/rabbitmq/templates/configmap-bin.yaml b/rabbitmq/templates/configmap-bin.yaml new file mode 100644 index 000000000..d2cd023d1 --- /dev/null +++ b/rabbitmq/templates/configmap-bin.yaml @@ -0,0 +1,37 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-bin" | quote }} +data: +{{- if .Values.images.local_registry.active }} + image-repo-sync.sh: | +{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} +{{- end }} + rabbitmq-test.sh: | +{{ tuple "bin/_rabbitmq-test.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + rabbitmq-liveness.sh: | +{{ tuple "bin/_rabbitmq-liveness.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + rabbitmq-readiness.sh: | +{{ tuple "bin/_rabbitmq-readiness.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + rabbitmq-start.sh: | +{{ tuple "bin/_rabbitmq-start.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{ end }} diff --git a/rabbitmq/templates/configmap-etc.yaml b/rabbitmq/templates/configmap-etc.yaml new file mode 100644 index 000000000..b0aa91488 --- /dev/null +++ b/rabbitmq/templates/configmap-etc.yaml @@ -0,0 +1,43 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_etc }} +{{- $envAll := . }} + +{{- if empty $envAll.Values.conf.rabbitmq.cluster_formation.k8s.host -}} +{{- $_ := print "kubernetes.default.svc." $envAll.Values.endpoints.cluster_domain_suffix | set $envAll.Values.conf.rabbitmq.cluster_formation.k8s "host" -}} +{{- end -}} + +{{- $_ := print "0.0.0.0:" ( tuple "oslo_messaging" "internal" "amqp" . | include "helm-toolkit.endpoints.endpoint_port_lookup") | set $envAll.Values.conf.rabbitmq.listeners.tcp "1" -}} + +{{- if empty $envAll.Values.conf.rabbitmq.default_user -}} +{{- $_ := set $envAll.Values.conf.rabbitmq "default_user" $envAll.Values.endpoints.oslo_messaging.auth.user.username -}} +{{- end -}} +{{- if empty $envAll.Values.conf.rabbitmq.default_pass -}} +{{- $_ := set $envAll.Values.conf.rabbitmq "default_pass" $envAll.Values.endpoints.oslo_messaging.auth.user.password -}} +{{- end -}} + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-etc" | quote }} +data: + enabled_plugins: | +{{ tuple "etc/_enabled_plugins.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + rabbitmq.conf: | +{{ include "rabbitmq.utils.to_rabbit_config" $envAll.Values.conf.rabbitmq | indent 4 }} +{{ end }} diff --git a/rabbitmq/templates/etc/_enabled_plugins.tpl b/rabbitmq/templates/etc/_enabled_plugins.tpl new file mode 100644 index 000000000..42f415a66 --- /dev/null +++ b/rabbitmq/templates/etc/_enabled_plugins.tpl @@ -0,0 +1,17 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +[{{ include "helm-toolkit.utils.joinListWithComma" .Values.conf.enabled_plugins }}]. diff --git a/rabbitmq/templates/ingress-management.yaml b/rabbitmq/templates/ingress-management.yaml new file mode 100644 index 000000000..cdd2c925d --- /dev/null +++ b/rabbitmq/templates/ingress-management.yaml @@ -0,0 +1,25 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.ingress_management .Values.network.management.ingress.public }} +{{- $envAll := . }} +{{- if empty $envAll.Values.endpoints.oslo_messaging.hosts.public }} +{{- $service_public_name := .Release.Name | trunc 12 }} +{{- $_ := set $envAll.Values.endpoints.oslo_messaging.hosts "public" ( printf "%s-%s-%s" $service_public_name "mgr" ( $service_public_name | sha256sum | trunc 6 )) }} +{{- end }} +{{- $ingressOpts := dict "envAll" . "backendService" "management" "backendServiceType" "oslo_messaging" "backendPort" "http" -}} +{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} +{{- end }} diff --git a/rabbitmq/templates/job-image-repo-sync.yaml b/rabbitmq/templates/job-image-repo-sync.yaml new file mode 100644 index 000000000..5fb10bcb9 --- /dev/null +++ b/rabbitmq/templates/job-image-repo-sync.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }} +{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "rabbitmq" -}} +{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} +{{- end }} diff --git a/rabbitmq/templates/monitoring/prometheus/exporter-deployment.yaml b/rabbitmq/templates/monitoring/prometheus/exporter-deployment.yaml new file mode 100644 index 000000000..363b73bdd --- /dev/null +++ b/rabbitmq/templates/monitoring/prometheus/exporter-deployment.yaml @@ -0,0 +1,69 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.monitoring.prometheus.deployment_exporter .Values.monitoring.prometheus.enabled }} +{{- $envAll := . }} + +{{- $rcControllerName := printf "%s-%s" $envAll.Release.Name "rabbitmq-exporter" }} +{{ tuple $envAll "prometheus_rabbitmq_exporter" $rcControllerName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ $rcControllerName | quote }} + labels: +{{ tuple $envAll "prometheus_rabbitmq_exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + replicas: {{ $envAll.Values.pod.replicas.prometheus_rabbitmq_exporter }} + selector: + matchLabels: +{{ tuple $envAll "prometheus_rabbitmq_exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "prometheus_rabbitmq_exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + namespace: {{ $envAll.Values.endpoints.prometheus_rabbitmq_exporter.namespace }} + spec: + serviceAccountName: {{ $rcControllerName | quote }} + nodeSelector: + {{ $envAll.Values.labels.prometheus_rabbitmq_exporter.node_selector_key }}: {{ $envAll.Values.labels.prometheus_rabbitmq_exporter.node_selector_value }} + terminationGracePeriodSeconds: {{ $envAll.Values.pod.lifecycle.termination_grace_period.prometheus_rabbitmq_exporter.timeout | default "30" }} + initContainers: +{{ tuple $envAll "prometheus_rabbitmq_exporter" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: rabbitmq-exporter +{{ tuple $envAll "prometheus_rabbitmq_exporter" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.prometheus_rabbitmq_exporter | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + ports: + - name: metrics + containerPort: {{ $envAll.Values.network.prometheus_rabbitmq_exporter.port }} + env: + - name: RABBIT_URL + value: http://{{ tuple "oslo_messaging" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}:15672 + - name: RABBIT_USER + value: {{ $envAll.Values.endpoints.oslo_messaging.auth.user.username | quote }} + - name: RABBIT_PASSWORD + value: {{ $envAll.Values.endpoints.oslo_messaging.auth.user.password | quote }} + - name: RABBIT_CAPABILITIES + value: {{ tuple $envAll.Values.conf.prometheus_exporter.capabilities $envAll | include "helm-toolkit.utils.joinListWithComma" | quote }} + - name: PUBLISH_PORT + value: {{ $envAll.Values.network.prometheus_rabbitmq_exporter.port | quote }} + - name: LOG_LEVEL + value: {{ $envAll.Values.conf.prometheus_exporter.log_level | quote }} + - name: SKIPVERIFY + value: {{ $envAll.Values.conf.prometheus_exporter.skipverify | quote }} +{{- end }} diff --git a/rabbitmq/templates/monitoring/prometheus/exporter-service.yaml b/rabbitmq/templates/monitoring/prometheus/exporter-service.yaml new file mode 100644 index 000000000..f49a12674 --- /dev/null +++ b/rabbitmq/templates/monitoring/prometheus/exporter-service.yaml @@ -0,0 +1,37 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.monitoring.prometheus.service_exporter .Values.monitoring.prometheus.enabled }} +{{- $envAll := . }} +{{- $prometheus_annotations := $envAll.Values.monitoring.prometheus.rabbitmq_exporter }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "prometheus_rabbitmq_exporter" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + labels: +{{ tuple $envAll "prometheus_rabbitmq_exporter" "metrics" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + annotations: +{{- if $envAll.Values.monitoring.prometheus.enabled }} +{{ tuple $prometheus_annotations | include "helm-toolkit.snippets.prometheus_service_annotations" | indent 4 }} +{{- end }} +spec: + ports: + - name: metrics + port: {{ $envAll.Values.network.prometheus_rabbitmq_exporter.port }} + selector: +{{ tuple $envAll "prometheus_rabbitmq_exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{- end }} diff --git a/rabbitmq/templates/pod-test.yaml b/rabbitmq/templates/pod-test.yaml new file mode 100644 index 000000000..ea325fc74 --- /dev/null +++ b/rabbitmq/templates/pod-test.yaml @@ -0,0 +1,56 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.pod_test }} +{{- $envAll := . }} + +{{- $serviceAccountName := print .Release.Name "-test" }} +{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: v1 +kind: Pod +metadata: + name: "{{.Release.Name}}-test" + labels: +{{ tuple $envAll "rabbitmq" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + annotations: + "helm.sh/hook": test-success +spec: + serviceAccountName: {{ $serviceAccountName }} + nodeSelector: + {{ $envAll.Values.labels.test.node_selector_key }}: {{ $envAll.Values.labels.test.node_selector_value }} + restartPolicy: Never + initContainers: +{{ tuple $envAll "tests" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: {{.Release.Name}}-rabbitmq-test +{{ tuple $envAll "scripted_test" | include "helm-toolkit.snippets.image" | indent 6 }} + env: + - name: RABBITMQ_ADMIN_CONNECTION + value: "{{ tuple "oslo_messaging" "internal" "user" "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" }}" + command: + - /tmp/rabbitmq-test.sh + volumeMounts: + - name: rabbitmq-bin + mountPath: /tmp/rabbitmq-test.sh + subPath: rabbitmq-test.sh + readOnly: true + volumes: + - name: rabbitmq-bin + configMap: + name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-bin" | quote }} + defaultMode: 0555 +{{- end }} diff --git a/rabbitmq/templates/service-discovery.yaml b/rabbitmq/templates/service-discovery.yaml new file mode 100644 index 000000000..54c16f27e --- /dev/null +++ b/rabbitmq/templates/service-discovery.yaml @@ -0,0 +1,39 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service_discovery }} +{{- $envAll := . }} +{{- if empty $envAll.Values.endpoints.oslo_messaging.hosts.discovery }} +{{- $service_discovery_name := .Release.Name | trunc 12 }} +{{- $_ := set $envAll.Values.endpoints.oslo_messaging.hosts "discovery" ( printf "%s-%s-%s" $service_discovery_name "dsv" ( $service_discovery_name | sha256sum | trunc 6 )) }} +{{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "oslo_messaging" "discovery" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - port: {{ tuple "oslo_messaging" "internal" "amqp" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + name: amqp + - port: {{ add (tuple "oslo_messaging" "internal" "amqp" . | include "helm-toolkit.endpoints.endpoint_port_lookup") 20000 }} + name: clustering + - port: {{ tuple "oslo_messaging" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + name: http + clusterIP: None + selector: +{{ tuple $envAll "rabbitmq" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{ end }} diff --git a/rabbitmq/templates/service-ingress-management.yaml b/rabbitmq/templates/service-ingress-management.yaml new file mode 100644 index 000000000..deca9b990 --- /dev/null +++ b/rabbitmq/templates/service-ingress-management.yaml @@ -0,0 +1,25 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.service_ingress_management .Values.network.management.ingress.public }} +{{- $envAll := . }} +{{- if empty $envAll.Values.endpoints.oslo_messaging.hosts.public }} +{{- $service_public_name := .Release.Name | trunc 12 }} +{{- $_ := set $envAll.Values.endpoints.oslo_messaging.hosts "public" ( printf "%s-%s-%s" $service_public_name "mgr" ( $service_public_name | sha256sum | trunc 6 )) }} +{{- end }} +{{- $serviceIngressOpts := dict "envAll" . "backendService" "management" "backendServiceType" "oslo_messaging" "backendPort" "http" -}} +{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }} +{{- end }} diff --git a/rabbitmq/templates/service.yaml b/rabbitmq/templates/service.yaml new file mode 100644 index 000000000..262226e4b --- /dev/null +++ b/rabbitmq/templates/service.yaml @@ -0,0 +1,34 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "oslo_messaging" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - port: {{ tuple "oslo_messaging" "internal" "amqp" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + name: amqp + - port: {{ add (tuple "oslo_messaging" "internal" "amqp" . | include "helm-toolkit.endpoints.endpoint_port_lookup") 20000 }} + name: clustering + - port: {{ tuple "oslo_messaging" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + name: http + selector: +{{ tuple $envAll "rabbitmq" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{ end }} diff --git a/rabbitmq/templates/statefulset.yaml b/rabbitmq/templates/statefulset.yaml new file mode 100644 index 000000000..7f3215ad4 --- /dev/null +++ b/rabbitmq/templates/statefulset.yaml @@ -0,0 +1,183 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.statefulset }} +{{- $envAll := . }} +{{- if empty $envAll.Values.endpoints.oslo_messaging.hosts.discovery }} +{{- $service_discovery_name := .Release.Name | trunc 12 }} +{{- $_ := set $envAll.Values.endpoints.oslo_messaging.hosts "discovery" ( printf "%s-%s-%s" $service_discovery_name "dsv" ( $service_discovery_name | sha256sum | trunc 6 )) }} +{{- end }} + +{{- $rcControllerName := printf "%s-%s" $envAll.Release.Name "rabbitmq" }} +{{ tuple $envAll "rabbitmq" $rcControllerName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: {{ $rcControllerName | quote }} + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ $rcControllerName | quote }} +subjects: + - kind: ServiceAccount + name: {{ $rcControllerName | quote }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: {{ $rcControllerName | quote }} + namespace: {{ .Release.Namespace }} +rules: + - apiGroups: + - "" + - extensions + - batch + - apps + verbs: + - get + - list + resources: + - services + - endpoints +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ $rcControllerName | quote }} + labels: +{{ tuple $envAll "rabbitmq" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + serviceName: {{ tuple "oslo_messaging" "discovery" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + replicas: {{ $envAll.Values.pod.replicas.server }} + selector: + matchLabels: +{{ tuple $envAll "rabbitmq" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} + template: + metadata: + labels: +{{ tuple $envAll "rabbitmq" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} + spec: + serviceAccountName: {{ $rcControllerName | quote }} + affinity: +{{ tuple $envAll "rabbitmq" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ $envAll.Values.labels.server.node_selector_key }}: {{ $envAll.Values.labels.server.node_selector_value }} + initContainers: +{{ tuple $envAll "rabbitmq" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{- if $envAll.Values.volume.chown_on_start }} + - name: rabbitmq-perms +{{ tuple $envAll "rabbitmq" | include "helm-toolkit.snippets.image" | indent 10 }} + securityContext: + runAsUser: 0 +{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - chown + - -R + - "rabbitmq:" + - /var/lib/rabbitmq + volumeMounts: + - name: rabbitmq-data + mountPath: /var/lib/rabbitmq +{{- end }} + containers: + - name: rabbitmq +{{ tuple $envAll "rabbitmq" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/rabbitmq-start.sh + ports: + - name: http + protocol: TCP + containerPort: {{ tuple "oslo_messaging" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + - name: amqp + protocol: TCP + containerPort: {{ tuple "oslo_messaging" "internal" "amqp" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + - name: clustering + protocol: TCP + containerPort: {{ add (tuple "oslo_messaging" "internal" "amqp" . | include "helm-toolkit.endpoints.endpoint_port_lookup") 20000 }} + env: + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: RABBITMQ_USE_LONGNAME + value: "true" + - name: RABBITMQ_NODENAME + value: "rabbit@$(MY_POD_NAME).{{ tuple "oslo_messaging" "discovery" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}" + - name: K8S_SERVICE_NAME + value: {{ tuple "oslo_messaging" "discovery" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + # NOTE(portdirect): We use the discovery fqdn here, as we resolve + # nodes via their pods hostname/nodename + - name: K8S_HOSTNAME_SUFFIX + value: ".{{ tuple "oslo_messaging" "discovery" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}" + - name: RABBITMQ_ERLANG_COOKIE + value: "{{ $envAll.Values.endpoints.oslo_messaging.auth.erlang_cookie }}" + readinessProbe: + initialDelaySeconds: 10 + timeoutSeconds: 10 + exec: + command: + - /tmp/rabbitmq-readiness.sh + livenessProbe: + initialDelaySeconds: 30 + timeoutSeconds: 10 + exec: + command: + - /tmp/rabbitmq-liveness.sh + volumeMounts: + - name: rabbitmq-data + mountPath: /var/lib/rabbitmq + - name: rabbitmq-bin + mountPath: /tmp + - name: rabbitmq-etc + mountPath: /etc/rabbitmq/enabled_plugins + subPath: enabled_plugins + readOnly: true + - name: rabbitmq-etc + mountPath: /etc/rabbitmq/rabbitmq.conf + subPath: rabbitmq.conf + readOnly: true + volumes: + - name: rabbitmq-bin + configMap: + name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-bin" | quote }} + defaultMode: 0555 + - name: rabbitmq-etc + configMap: + name: {{ printf "%s-%s" $envAll.Release.Name "rabbitmq-etc" | quote }} + defaultMode: 0444 + {{- if not $envAll.Values.volume.enabled }} + - name: rabbitmq-data + emptyDir: {} + {{- end }} +{{- if $envAll.Values.volume.enabled }} + volumeClaimTemplates: + - metadata: + name: rabbitmq-data + spec: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: {{ $envAll.Values.volume.size }} + storageClassName: {{ $envAll.Values.volume.class_name }} +{{- end }} +{{ end }} diff --git a/rabbitmq/templates/utils/_to_rabbit_config.tpl b/rabbitmq/templates/utils/_to_rabbit_config.tpl new file mode 100644 index 000000000..fb90bd172 --- /dev/null +++ b/rabbitmq/templates/utils/_to_rabbit_config.tpl @@ -0,0 +1,37 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "rabbitmq.utils.to_rabbit_config" -}} +{{- range $top_key, $top_value := . }} +{{- if kindIs "map" $top_value -}} +{{- range $second_key, $second_value := . }} +{{- if kindIs "map" $second_value -}} +{{- range $third_key, $third_value := . }} +{{- if kindIs "map" $third_value -}} +{{ $top_key }}.{{ $second_key }}.{{ $third_key }} = wow +{{ else -}} +{{ $top_key }}.{{ $second_key }}.{{ $third_key }} = {{ $third_value }} +{{ end -}} +{{- end -}} +{{ else -}} +{{ $top_key }}.{{ $second_key }} = {{ $second_value }} +{{ end -}} +{{- end -}} +{{ else -}} +{{ $top_key }} = {{ $top_value }} +{{ end -}} +{{- end -}} +{{- end -}} diff --git a/rabbitmq/values.yaml b/rabbitmq/values.yaml new file mode 100644 index 000000000..a8b03ecc8 --- /dev/null +++ b/rabbitmq/values.yaml @@ -0,0 +1,273 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for rabbitmq. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +labels: + server: + node_selector_key: openstack-control-plane + node_selector_value: enabled + prometheus_rabbitmq_exporter: + node_selector_key: openstack-control-plane + node_selector_value: enabled + test: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +images: + tags: + prometheus_rabbitmq_exporter: docker.io/kbudde/rabbitmq-exporter:v0.21.0 + prometheus_rabbitmq_exporter_helm_tests: docker.io/openstackhelm/heat:newton + rabbitmq: docker.io/rabbitmq:3.7.4 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 + scripted_test: docker.io/rabbitmq:3.7.4-management + image_repo_sync: docker.io/docker:17.07.0 + pull_policy: "IfNotPresent" + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync + +pod: + affinity: + anti: + type: + default: preferredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname + replicas: + server: 3 + prometheus_rabbitmq_exporter: 1 + lifecycle: + upgrades: + deployments: + revision_history: 3 + pod_replacement_strategy: RollingUpdate + rolling_update: + max_unavailable: 1 + max_surge: 3 + termination_grace_period: + prometheus_rabbitmq_exporter: + timeout: 30 + disruption_budget: + mariadb: + min_available: 0 + resources: + enabled: false + prometheus_rabbitmq_exporter: + limits: + memory: "1024Mi" + cpu: "2000m" + requests: + memory: "128Mi" + cpu: "500m" + server: + limits: + memory: "128Mi" + cpu: "500m" + requests: + memory: "128Mi" + cpu: "500m" + jobs: + tests: + limits: + memory: "1024Mi" + cpu: "2000m" + requests: + memory: "128Mi" + cpu: "100m" + image_repo_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + +conf: + enabled_plugins: + - rabbitmq_management + - rabbitmq_peer_discovery_k8s + prometheus_exporter: + capabilities: + - no_sort + log_level: info + skipverify: 1 + rabbitmq: + listeners: + tcp: + # NOTE(portdirect): This is always defined via the endpoints section. + 1: null + cluster_formation: + peer_discovery_backend: rabbit_peer_discovery_k8s + k8s: + address_type: hostname + node_cleanup: + interval: "10" + only_log_warning: "true" + cluster_partition_handling: autoheal + queue_master_locator: min-masters + loopback_users.guest: "false" + +dependencies: + dynamic: + common: + local_image_registry: + jobs: + - rabbitmq-image-repo-sync + services: + - endpoint: node + service: local_image_registry + static: + prometheus_rabbitmq_exporter: + services: + - endpoint: internal + service: oslo_messaging + prometheus_rabbitmq_exporter_tests: + services: + - endpoint: internal + service: prometheus_rabbitmq_exporter + - endpoint: internal + service: monitoring + rabbitmq: + jobs: null + tests: + services: + - endpoint: internal + service: oslo_messaging + image_repo_sync: + services: + - endpoint: internal + service: local_image_registry + +monitoring: + prometheus: + enabled: false + rabbitmq_exporter: + scrape: true + +network: + management: + ingress: + public: true + classes: + namespace: "nginx" + cluster: "nginx-cluster" + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / + prometheus_rabbitmq_exporter: + port: 9095 + +# typically overridden by environmental +# values, but should include all endpoints +# required by this chart +endpoints: + cluster_domain_suffix: cluster.local + local_image_registry: + name: docker-registry + namespace: docker-registry + hosts: + default: localhost + internal: docker-registry + node: localhost + host_fqdn_override: + default: null + port: + registry: + node: 5000 + monitoring: + name: prometheus + namespace: null + hosts: + default: prom-metrics + public: prometheus + host_fqdn_override: + default: null + path: + default: null + scheme: + default: 'http' + port: + api: + default: 9090 + public: 80 + oslo_messaging: + auth: + erlang_cookie: openstack-cookie + user: + username: rabbitmq + password: password + hosts: + default: rabbitmq + # NOTE(portdirect): If left empty, the release name sha suffixed with dsv + # will be used for to produce a unique hostname for clustering + # and discovery. + discovery: null + # NOTE(portdirect): the public host is only used to the management WUI + # If left empty, the release name sha suffixed with mgr, will be used to + # produce an unique hostname. + public: null + host_fqdn_override: + default: null + path: / + scheme: rabbit + port: + clustering: + # NOTE(portdirect): the value for this port is driven by amqp+20000 + # it should not be set manually. + default: null + amqp: + default: 5672 + http: + default: 15672 + public: 80 + prometheus_rabbitmq_exporter: + namespace: null + hosts: + default: rabbitmq-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: 'http' + port: + metrics: + default: 9095 + +volume: + chown_on_start: true + enabled: true + class_name: general + size: 256Mi + +manifests: + configmap_bin: true + configmap_etc: true + ingress_management: true + job_image_repo_sync: true + pod_test: true + monitoring: + prometheus: + configmap_bin: true + deployment_exporter: true + service_exporter: true + service_discovery: true + service_ingress_management: true + service: true + statefulset: true